def testCollect(self): """Tests the Collect function.""" registry = self._CreateTestRegistry() test_output_writer = test_lib.TestOutputWriter() collector_object = sysinfo.SystemInfoCollector( output_writer=test_output_writer) result = collector_object.Collect(registry) self.assertTrue(result) test_output_writer.Close() self.assertIsNotNone(collector_object.system_information) self.assertEqual(collector_object.system_information.csd_version, self._CSD_VERSION) self.assertEqual( collector_object.system_information.current_build_number, self._CURRENT_BUILD_NUMBER) self.assertEqual(collector_object.system_information.current_type, self._CURRENT_TYPE) self.assertEqual(collector_object.system_information.current_version, self._CURRENT_VERSION) self.assertIsNotNone( collector_object.system_information.installation_date) self.assertEqual( collector_object.system_information.product_identifier, self._PRODUCT_IDENTIFIER) self.assertEqual(collector_object.system_information.product_name, self._PRODUCT_NAME)
def testReadStructureFromByteStream(self): """Tests the _ReadStructureFromByteStream function.""" output_writer = test_lib.TestOutputWriter() test_format = TestBinaryDataFormat(debug=True, output_writer=output_writer) test_format._ReadStructureFromByteStream( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0, test_format.POINT3D, 'point3d') # Test with missing byte stream. with self.assertRaises(ValueError): test_format._ReadStructureFromByteStream(None, 0, test_format.POINT3D, 'point3d') # Test with missing data map type. with self.assertRaises(ValueError): test_format._ReadStructureFromByteStream( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0, None, 'point3d') # Test with data type map that raises an dtfabric.MappingError. data_type_map = ErrorDataTypeMap(None) with self.assertRaises(errors.ParseError): test_format._ReadStructureFromByteStream( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00', 0, data_type_map, 'point3d')
def testCollect(self): """Tests the Collect function.""" registry = self._CreateTestRegistry() test_output_writer = test_lib.TestOutputWriter() collector_object = task_cache.TaskCacheCollector( output_writer=test_output_writer) result = collector_object.Collect(registry) self.assertTrue(result) test_output_writer.Close() self.assertEqual(len(collector_object.cached_tasks), 2) cached_tasks = sorted(collector_object.cached_tasks, key=lambda task: task.identifier) cached_task = cached_tasks[0] self.assertIsNotNone(cached_task) self.assertEqual(cached_task.identifier, self._GUID1) # TODO: fix test # self.assertEqual(cached_task.name, self._NAME1) cached_task = cached_tasks[1] self.assertIsNotNone(cached_task) self.assertEqual(cached_task.identifier, self._GUID2)
def testCollect(self): """Tests the Collect function.""" test_path = self._GetTestFilePath(['NTUSER.DAT']) self._SkipIfPathNotExists(test_path) registry = dfwinreg_registry.WinRegistry() with open(test_path, 'rb') as file_object: registry_file = dfwinreg_regf.REGFWinRegistryFile( ascii_codepage='cp1252') registry_file.Open(file_object) key_path_prefix = registry.GetRegistryFileMapping(registry_file) registry_file.SetKeyPathPrefix(key_path_prefix) registry.MapFile(key_path_prefix, registry_file) test_output_writer = test_lib.TestOutputWriter() collector_object = programscache.ProgramsCacheCollector( output_writer=test_output_writer) result = collector_object.Collect(registry) self.assertTrue(result) test_output_writer.Close()
def testReadData(self): """Tests the _ReadData function.""" output_writer = test_lib.TestOutputWriter() test_format = TestBinaryDataFormat(debug=True, output_writer=output_writer) file_object = io.BytesIO( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00') test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE, 'point3d') # Test with missing file-like object. with self.assertRaises(ValueError): test_format._ReadData(None, 0, test_format.POINT3D_SIZE, 'point3d') # Test with file-like object with insufficient data. file_object = io.BytesIO( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00') with self.assertRaises(errors.ParseError): test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE, 'point3d') # Test with file-like object that raises an IOError. file_object = ErrorBytesIO( b'\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00') with self.assertRaises(errors.ParseError): test_format._ReadData(file_object, 0, test_format.POINT3D_SIZE, 'point3d')
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = chrome_cache.DataBlockFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['chrome_cache', 'data_0']) test_file.Open(test_file_path)
def testReadFileObject(self): """Tests the ReadFileObject.""" output_writer = test_lib.TestOutputWriter() test_file = wemf.EMFFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['Memo.emf']) test_file.Open(test_file_path)
def testReadFileObject(self): """Tests the ReadFileObject.""" output_writer = test_lib.TestOutputWriter() test_file = utmp.LinuxLibc6UtmpFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['utmp-linux_libc6']) test_file.Open(test_file_path)
def testReadFileObject(self): """Tests the ReadFileObject.""" output_writer = test_lib.TestOutputWriter() test_file = utmp.MacOSXUtmpxFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['utmpx-macosx10.5']) test_file.Open(test_file_path)
def testDebugPrintDestListEntry(self): """Tests the _DebugPrintDestListEntry function.""" output_writer = test_lib.TestOutputWriter() test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer) test_file._format_version = 3 uuid_value = uuid.UUID('{97d57d7f-24e9-4de7-9306-b40d93442fbb}') data_type_map = test_file._GetDataTypeMap('dest_list_entry_v3') dest_list_entry = data_type_map.CreateStructureValues( unknown1=1, droid_volume_identifier=uuid_value, droid_file_identifier=uuid_value, birth_droid_volume_identifier=uuid_value, birth_droid_file_identifier=uuid_value, hostname='myhost', entry_number=2, unknown2=3, unknown3=4.0, last_modification_time=5, pin_status=6, unknown4=7, unknown5=8, unknown6=9, path_size=6, path='mypath', unknown7=10) test_file._DebugPrintDestListEntry(dest_list_entry)
def testReadMemberHeader(self): """Tests the _ReadMemberHeader function.""" output_writer = test_lib.TestOutputWriter() test_file = gzipfile.GZipFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['syslog.gz']) with open(test_file_path, 'rb') as file_object: test_file._ReadMemberHeader(file_object)
def testReadEntries(self): """Tests the _ReadEntries function.""" output_writer = test_lib.TestOutputWriter() test_file = utmp.LinuxLibc6UtmpFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['utmp-linux_libc6']) with open(test_file_path, 'rb') as file_object: test_file._ReadEntries(file_object)
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = asl.AppleSystemLogFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['applesystemlog.asl']) test_file.Open(test_file_path)
def testReadFileObjectWithAppleBSM(self): """Tests the ReadFileObject function with an Apple BSM file.""" output_writer = test_lib.TestOutputWriter() test_file = bsm.BSMEventAuditingFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['apple.bsm']) test_file.Open(test_file_path)
def testReadFileObjectOnV3File(self): """Tests the ReadFileObject function on a format version 3 file.""" output_writer = test_lib.TestOutputWriter() test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer) test_file_path = self._GetTestFilePath([ '9d1f905ce5044aee.automaticDestinations-ms']) test_file.Open(test_file_path)
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = tzif.TimeZoneInformationFile(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['localtime.tzif']) test_file.Open(test_file_path)
def testReadFileHeader(self): """Tests the _ReadFileHeader function.""" output_writer = test_lib.TestOutputWriter() test_file = tzif.TimeZoneInformationFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['localtime.tzif']) with open(test_file_path, 'rb') as file_object: test_file._ReadFileHeader(file_object)
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = safari_cookies.BinaryCookiesFile( debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['Cookies.binarycookies']) test_file.Open(test_file_path)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._output_writer = test_lib.TestOutputWriter(encoding='utf-8') self._test_tool = preg_tool.PregTool(output_writer=self._output_writer) self._test_console = preg.PregConsole(self._test_tool) file_entry = self._GetTestFileEntry(['NTUSER.DAT']) self._file_path = self._GetTestFilePath(['NTUSER.DAT']) self._registry_helper = helper.PregRegistryHelper(file_entry, 'OS')
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = unified_logging.TraceV3File(debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['0000000000000030.tracev3']) test_file.Open(test_file_path)
def testReadChunkHeader(self): """Tests the _ReadChunkHeader function.""" output_writer = test_lib.TestOutputWriter() test_file = unified_logging.TraceV3File(output_writer=output_writer) test_file_path = self._GetTestFilePath(['0000000000000030.tracev3']) with open(test_file_path, 'rb') as file_object: test_file._ReadChunkHeader(file_object, 0)
def testReadFileObject(self): """Tests the ReadFileObject.""" output_writer = test_lib.TestOutputWriter() # TODO: add debug=True test_file = gzipfile.GZipFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['syslog.gz']) test_file.Open(test_file_path)
def testReadFileObjectOnV1File(self): """Tests the ReadFileObject function on a format version 1 file.""" output_writer = test_lib.TestOutputWriter() test_file = jump_list.AutomaticDestinationsFile(output_writer=output_writer) test_file_path = self._GetTestFilePath([ '1b4dd67f29cb1962.automaticDestinations-ms']) test_file.Open(test_file_path)
def testReadFileObjectFormatVersion2(self): """Tests the ReadFileObject function on a format version 2 file.""" output_writer = test_lib.TestOutputWriter() test_file = recycle_bin.RecycleBinMetadataFile( debug=True, output_writer=output_writer) test_file_path = self._GetTestFilePath(['$I103S5F.jpg']) test_file.Open(test_file_path)
def testReadFileObject(self): """Tests the ReadFileObject function.""" output_writer = test_lib.TestOutputWriter() test_file = jump_list.CustomDestinationsFile(output_writer=output_writer) test_file_path = self._GetTestFilePath([ '5afe4de1b92fc382.customDestinations-ms']) test_file.Open(test_file_path)
def testReadRecord(self): """Tests the _ReadRecord function.""" output_writer = test_lib.TestOutputWriter() test_file = bsm.BSMEventAuditingFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['openbsm.bsm']) with open(test_file_path, 'rb') as file_object: test_file._ReadRecord(file_object, 0)
def testReadFileHeader(self): """Tests the _ReadFileHeader function.""" output_writer = test_lib.TestOutputWriter() test_file = wmi_repository.MappingFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['cim', 'INDEX.MAP']) with open(test_file_path, 'rb') as file_object: test_file._ReadFileHeader(file_object)
def testReadFileObject(self): """Tests the ReadFileObject.""" output_writer = test_lib.TestOutputWriter() test_file = rp_change_log.RestorePointChangeLogFile( output_writer=output_writer) test_file_path = self._GetTestFilePath(['change.log.1']) test_file.Open(test_file_path)
def testReadEntries(self): """Tests the _ReadEntries function.""" output_writer = test_lib.TestOutputWriter() test_file = utmp.MacOSXUtmpxFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['utmpx-macosx10.5']) with open(test_file_path, 'rb') as file_object: test_file._ReadEntries(file_object)
def testReadFileHeader(self): """Tests the _ReadFileHeader function.""" output_writer = test_lib.TestOutputWriter() test_file = asl.AppleSystemLogFile(output_writer=output_writer) test_file_path = self._GetTestFilePath(['applesystemlog.asl']) with open(test_file_path, 'rb') as file_object: test_file._ReadFileHeader(file_object)